From fd46fdefc9fdbf701c6f7adca77a259a587baec8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 24 Jul 2020 13:51:09 -0700 Subject: [PATCH] Updating note about collected diagnostic data --- .../microsoft-defender-antivirus/collect-diagnostic-data.md | 3 +++ .../microsoft-defender-atp/investigate-machines.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index 840b26d06e..ea6ee23720 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -25,6 +25,9 @@ manager: dansimp This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV. +> [!NOTE] +> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). + On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps: 1. Open an administrator-level version of the command prompt as follows: diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 5fd56526b0..19f12472bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md 
@@ -27,6 +27,9 @@ ms.topic: article Investigate the details of an alert raised on a specific device to identify other behaviors or events that might be related to the alert or the potential scope of the breach. +> [!NOTE] +> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices). + You can click on affected devices whenever you see them in the portal to open a detailed report about that device. Affected devices are identified in the following areas: - [Devices list](investigate-machines.md)
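Review bot: In the collect-diagnostic-data.md hunk, the added note does not say how an investigation package differs from the .cab diagnostic file that the next paragraph tells the reader to obtain. Because it sits directly between the intro sentence and "On at least two devices that are experiencing the same issue", it reads as an alternative way of producing the same file. Suggest one clause stating that the investigation package is collected as part of investigation or response and is separate from the .cab that support asks for. Alternatively, move the note below the numbered steps so the procedure's lead-in is not interrupted.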
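Review bot: In the investigate-machines.md hunk, the added link is an absolute `https://docs.microsoft.com/en-us/...` URL, while the context line just below it links with a relative path (`[Devices list](investigate-machines.md)`). The hard-coded `en-us` segment pins readers to one locale, and an absolute URL is not covered by the repository's link checks if the target is renamed. The target appears to live in the same microsoft-defender-atp directory, so a relative link to the respond-machine-alerts article with the `#collect-investigation-package-from-devices` anchor would match the existing style. The same applies to the identical note in collect-diagnostic-data.md, using a `../microsoft-defender-atp/` prefix. The subject line also says "Updating note", but both hunks add a new note; consider rewording the subject.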